More than 50,000 Android users need to delete this malicious new app pronto
Google's Play Store is under constant attack from increasingly resourceful bad actors, and despite the search giant's best efforts to keep Android users worldwide protected from all kinds of threats to their most sensitive information, yet another malicious app has reportedly managed to wreak havoc of late.
What's the app and how concerned should you be?
Posing as an innocent and helpful "battery saver & phone booster", Fast Cleaner racked up over 50,000 installs before Google finally caught on to the app's real intentions. Using a tactic as old as time, the app injected a brand-new banking trojan into the Android devices of unsuspecting users across the old continent, aiming to steal credentials and intercept text messages and notifications without anyone ever noticing anything fishy.
Fortunately, ThreatFabric's security researchers did discover and thoroughly document everything that was going on behind the scenes of some of those infected phones, dubbing the recently developed malware "Xenomorph" and finding a lot of similarities between it and "Alien", a banking trojan we previously discussed less than three months ago.
The good news is "Xenomorph" was apparently uncovered in the "infancy" stage of its development, which means some of its malicious capabilities were not actually operational when ThreatFabric conducted its analysis. In other words, this is probably a slightly less dangerous trojan than the aforementioned "Alien" or the widely reported "Joker" that's been circulating in different iterations for several years now.
The bad news is said capabilities could be enabled and expanded at any moment, both on devices currently running the Fast Cleaner app and via other innocuous-looking apps that have either not been published or discovered yet.
What can you do to steer clear of danger?
Obviously, the first thing to do is immediately uninstall Fast Cleaner if you made the mistake of trusting its "battery saver" and performance booster claims to start with.
Because that's a pretty generic app name (which is obviously no coincidence), you should also make sure what you're about to delete is not something legit and (most likely) safe to use, like the significantly more popular "Fast Cleaner-Booster & Cleaner" from powerd dev team or Everyone's extremely well-reviewed "Fast Cleaner & CPU Cooler."
The Xenomorph malware is primarily going after European banks... at the moment.
To be perfectly clear, the malicious app analyzed by ThreatFabric was purportedly created by "ilzeeva4", which is probably not a real developer anyway, and you can no longer find it in the Play Store.
Alas, merely deleting the app may not be enough to rid yourself of the threat, as sneaky lines of code could be left behind to continue harvesting financial data. A good additional security measure would be to contact your bank or simply check your statements for unauthorized operations, and perhaps more importantly, frequently change your passwords, PINs, and so on.
Two-factor authentication involving a second device, like a backup phone or a computer, is a great way to keep your money safe in general, and as far as malicious Android apps are concerned, remember to always check user ratings and avoid little-known titles and developers promising you features and functionalities that seem too good to be true.
This time, the specific targets of the credential-stealing operation included a grand total of 56 different banks from Europe only (and a bunch of additional cryptocurrency wallets and services), but the next threat could well span the entire world, so it's important to stay safe and follow our advice wherever you live and whatever Android device you use.